Interpretive environments, also commonly referred to as shells, allow system administrators to automate tasks through the use of scripts. Shell scripting languages are used to write the scripts. Because many of the scripting languages and shells date back to before the Internet boom, they were not designed for warding off attacks by malicious individuals seeking to exploit vulnerabilities within the scripts and/or within the shell. These attacks include overrunning buffers, inserting unexpected text/code in the input to the script, inserting unexpected code for execution, and the like.
In order to provide a more secure interpretive environment in the new Internet era, several different approaches have been developed. For instance, in one approach, certain commands within the shell have been disabled when used within a script. However, by doing so, the portability of the shell script is affected. In another approach, special purpose code is added into different commands of the shell. This special purpose code then performs additional security checking. However, this approach is very time consuming and may potentially overlook certain commands, thereby, leaving potential vulnerabilities exposed. In addition, as new security issues arise (e.g., authorization checks, validating signatures), the time consuming approach for adding new special purpose code and/or modifying that code must be undertaken again.
Thus, a more versatile solution is needed for minimizing security problems within interpretive environments.